CVE-2021-2018 Vulnerability in the Advanced Networking Option component of Oracle DB Srv (20-01-2021)

Preface: When Oracle has security advisory announce each time, I feel headache because vendor not willing to provide the details.

Vulnerability details: CVE-2021-2018 -Please refer to the link for details: https://nvd.nist.gov/vuln/detail/CVE-2021-2018

Technical Supplement: A large computer foot print around the world in the office is Microsoft window base machine. Therefore DB infrastructure integrate to Active Directory is common. Windows AD server classic way is Kerberos authentication. Oracle database competence support Kerberos. So called configuring the Kerberos authentication adapter. On Nov 2020 Microsoft do the remediation of Kerberos KDC Security Feature Bypass Vulnerability (CVE-2020-17049). When you read the official of Oracle vulnerability (CVE-2021-2018), it say, it is only affects Windows platform only. OK, be my guest. Using your imagination to understand this vulnerability. Great day, great fun!

Ref 1: To setup Kerberos on oracle DB. We will need to make changes in three places: DB Server, Client Workstation & Active Directory.

Ref 2: Kerberos KDC Security Feature Bypass Vulnerability – https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.